Tag Archives: IBM i Security

I thought it would be interesting for my first Security Bytes post of 2107 to pull together the most popular posts from 2016 based on number of readers. As an added attraction, I’ve also included the most popular post in … Continue reading

Posted in IBM i Security, Single Sign-On (SSO) | Tagged , , , , | Leave a comment

In the latest version of her well-known IBM i security reference, IBM i Security Administration and Compliance, Carol Woodbury hits the ball out of the park. Not only does the book provide valuable technical information, it also introduces the reader … Continue reading

Posted in Announcement, IBM i Security | Tagged , , , , , | Leave a comment

You may have heard that IBM included an interesting new security-related enhancement in the V7.3 release. Called authority collection, it provides information intended to help security administrators minimize the amount of authority to objects granted to users on a system.

Posted in Announcement, IBM i Security, User Authority | Tagged , , , , , , | Leave a comment

“Security by obscurity” means relying on lack of knowledge of how a thing is protected as the sole means of preventing unauthorized access to that thing. There’s been a debate going on over at the Midrange-L discussion forum about the efficacy of this … Continue reading

Posted in Encryption, IBM i Security | Tagged , , , , | Leave a comment

Verizon’s “Data breach digest. Scenarios from the field.” document includes a description of a successful attack on a water utility running on an “AS/400” (a.k.a. IBM i.)  It describes how a suspected Syrian “hacktivist” group broke into an IBM i … Continue reading

Posted in IBM i Security, Info Security Mgmt | Tagged , , , , | Leave a comment

Lately I’ve found myself wondering…. does the FBI really need Apple’s help to decrypt a bad guy’s iPhone? Something seems fishy about the dust up between the FBI and Apple over the encrypted iPhone previously used by one of the … Continue reading

Posted in IBM i Security, Security Breach | Tagged , , , , , | Leave a comment

Recently I described a process that I use with customers to help them make decisions about where to spend their money allocated to information security. That post explained how to identify projects, but it didn’t address how to prioritize those … Continue reading

Posted in IBM i Security, Info Security Mgmt | Tagged , , , , , | Leave a comment

It’s that time of year again. Budgeting for next year means that you need to figure out how much you’re going to spend on security projects and products.  Of course, in order to determine how much money you need to … Continue reading

Posted in Info Security Mgmt, Information Security, Security Breach | Tagged , , , , , , , , , , | Leave a comment

  One of the things I like best about my job is that I get to see a lot of different environments using many different parts of the operating system.  This often gives me the opportunity to learn something new.

Posted in IBM i Security, Single Sign-On (SSO) | Tagged , , , , , , , | Leave a comment

We all know about special authorities, right? Defined by the IBM i operating system, they include *ALLOBJ, *AUDIT, *JOBCTL, *IOSYSCFG, *SAVSYS, *SERVICE, *SECADM and *SPLCTL. A few months ago I wrote about a set of IBM i APIs and commands … Continue reading

Posted in IBM i Security | Tagged , , , , | Leave a comment